Back to skill
Skillv0.2.1
VirusTotal security
Wa Relay · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:58 AM
- Hash
- 0043bc4d3f990458ff61a543f23a5a76391275777b0799ad14cf364d6c652093
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wa-relay-skill Version: 0.2.1 The skill is classified as suspicious due to high-risk operations performed by `scripts/setup.sh`. It copies sensitive `auth-profiles.json` credentials from the main agent to the relay agent, significantly expanding the attack surface. Furthermore, it modifies core OpenClaw JavaScript files (`paths-*.js`) and the main agent's `SOUL.md` using powerful `node -e` and `perl` commands. While these actions are transparently documented in `SKILL.md` and require user confirmation, they represent significant system-level modification capabilities and credential exposure, posing substantial vulnerabilities if the skill or environment were compromised.
- External report
- View on VirusTotal